Sorry, I was looking at the wrong log when I wrote this. BY does
show IPs for ICMP alerts.
-Peleus

On Thu, 7 Nov 2002, Peleus G. Uhley wrote:
> I am doing some work on Barnyard to make its fast alert output
> closer to Snort's fast alert output. Barnyard currently does not pull as
> much information out of the unified log as there would be if Snort was doing
> the normal fast logging. An example would be that Snort's normal fast
> alert shows source and destination IPs for ICMP alerts and Barnyard does
> not. Another example would be Snort's fast alert output contains info #
> of targets and ports on portscans but Barnyard does not. Is this because
> Snort isn't dumping that information in unified logging mode or because
> Barnyard hasn't been developed enough to be able to pull it out?
>
> thanks,
> -Peleus